The Virtual Bookcase Reviews of 'Practical VoIP Security':

Reviewer Rob Slade wrote:
VoIP (Voice over Internet Protocol) is something of the new kid on the
technology block, and computer folks may have limited experience with
telephony. It therefore seems a bit strange that chapter one, as an
introduction to VoIP security, starts out by talking about computer
security and attacks. However, the structure of the book is rather
odd in any case. The basics of telephony, and the Public Switched
Telephone Network (PSTN), are not covered until chapter four. Even
then, while there is some useful trivia, most of the content is a list
of telephony protocols. Chapter three covers some of the basic
hardware and element information, discussing PBX (Private Branch
eXchange) systems, VoIP components, and even power supplies. That
material, in turn, would be helpful to those who try to understand
chapter two, which is supposed to be about the Asterisk PBX software
package. Although the text purports to deal with configuration and
features of Asterisk, most of the section's content covers PBX
operations and functions, dial plans, telephony numbering plans, and
even a terse piece on the vital aspect of circuit versus packet
switching.
With chapter five, the book moves into some of the specifics of VoIP,
discussing H.323, a protocol to specify data formats that is used
extensively in commercial IP telephony products. SIP, the Session
Initiation Protocol (used to negotiate interactive sessions over the
net), gets a more detailed treatment (along with examination of
related protocols) in chapter six. Other IP telephony architectures
are briefly listed in chapter seven: the very popular Skype, H.248,
IAX (Inter Asterisk eXchange), and Microsoft's Live Communications
Server 2005 (MLCS). Diverse protocols used in support of VoIP are
discussed in chapter eight. Most of these are commonly used in other
Internet applications: some; such as RSVP (Resource reSerVation
Protocol), SDP (Session Description Protocol), and Skinny; are more
specialized. All the listed protocols have some review of security
implications, which marks the first time in the book that security
seems to be a major issue.
Chapter nine examines specific threats and attacks, mostly related to
denial of service and hijacking. Securing the infrastructure used for
VoIP is important, although the material in chapter ten is fairly
standard information security. Chapter eleven reviews a number of
ordinary authentication tools that are frequently used in VoIP.
"Active Security Monitoring," in chapter twelve, is the traditional
intrusion detection and penetration testing, and has nothing specific
to IP telephony applications. Similarly, chapter thirteen examines
normal traffic management and LAN segregation issues: the only
telephony related content is in regard to VoIP aware firewalls. The
IETF (Internet Engineering Task Force) has recommended certain
existing security protocols in regard to IP telephony, and one
addition (SRTP, Secure Real-time Transfer Protocol): these are
outlined in chapter fourteen. Chapter fifteen lists various (United
States) data security related regulations and the European Union
privacy directive. The IP Multimedia Subsystem (IMS) structure is
reviewed in chapter sixteen. Chapter seventeen repeats the
recommendations made in chapters ten through fourteen.
It is handy to have a number of the issues related to VoIP addressed
in one work. There is some depth to the content of the text as well,
and those dealing with system internals may find that useful.
However, for those who need to manage or make policy or purchasing
decisions in regard to VoIP, this book may not have the forcefulness
of complete analysis, or a structure that would assist in learning the
background. While there is a considerable amount of helpful
information, it reads more like an accumulation of miscellaneous facts
than a directed study.
copyright Robert M. Slade, 2006

Book description:

Your Hands-On Guide to Voice over IP (VoIP)

This book was written for the thousands of IT professionals, from CIOs to circuit-switched telecom engineers, who are now responsible for deploying and maintaining secure VoIP networks. The book explains the impact on your VoIP network of PSTN, SIP, H.323, firewalls, NAT, encryption, and the regulatory environment. Coverage includes evaluation, design, integration, and management of VoIP networking components, including IP telephones, gateways, gatekeepers, registration servers, media servers, and proxy servers. Throughout the book, the authors rely on their extensive real-world experience to provide readers with practical applications and solutions.

* VoIP Isn't Just Another Data Protocol: IP telephony uses the Internet architecture, similar to any other data application. However, from a security administrator's point of view, VoIP is different. Understand why.
* What Functionality Is Gained, Degraded, or Enhanced on a VoIP Network? Find out the issues associated with quality of service, emergency 911 service, and the major benefits of VoIP.
* The Security Considerations of Voice Messaging: Learn about the types of security attacks you need to protect against within your voice messaging system.
* VoIP and the Public Switched Telephone Network (PSTN): Understand PSTN: what is it, and how does it work?
* VoIP Communication Architectures: See how products like Skype, H.248, IAX, and Microsoft Live Communications Server 2005
* The Support Protocols of VoIP Environments: Learn the services, features, and security implications of DNS, TFTP, HTTP, SNMP, DHCP, RSVP, SDP, and SKINNY.
* Securing the Whole VoIP Infrastructure: Your guide to Denial-of-Service attacks, VoIP service disruption, call hijacking and interception, H.323-specific attacks, and SIP-specific attacks.
* Authorized Access Begins with Authentication: Learn the methods of verifying both the user identity and the device identity in order to secure a VoIP network.
* Secure Internet Mail: See how S/MIME provides cryptographic security services for electronic messaging applications.